f494deeb21244e9e32935cb3369f8f6ba0447d8f33b92ac5ec7d14054f9ef266

Analysis

max time kernel
148s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
15/10/2023, 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f494deeb21244e9e32935cb3369f8f6ba0447d8f33b92ac5ec7d14054f9ef266.exe
Size

1.9MB
MD5

86f6eb81ff659b910e55e73784f833e7
SHA1

107d9dbd46f81e5d129b3f906118a8af9ad8b7c8
SHA256

f494deeb21244e9e32935cb3369f8f6ba0447d8f33b92ac5ec7d14054f9ef266
SHA512

be67f4671025287d33d5b94928c28f750146967302301590edb7286c6d36dbfd4fa10d1d8154b1a3f7b75c6e949cd1f490dd983d61e8de17672714bc5790f8b5
SSDEEP

49152:uf2ZW6TvALLQMPbxYv2jkHI/UHOacaFJWanosJHOrH1P:hI6T4LLQMPVc2jkHWUHOacmJWQJH2VP

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
4524	rundll32.exe
3236	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 3604 wrote to memory of 552	3604	f494deeb21244e9e32935cb3369f8f6ba0447d8f33b92ac5ec7d14054f9ef266.exe	82
PID 3604 wrote to memory of 552	3604	f494deeb21244e9e32935cb3369f8f6ba0447d8f33b92ac5ec7d14054f9ef266.exe	82
PID 3604 wrote to memory of 552	3604	f494deeb21244e9e32935cb3369f8f6ba0447d8f33b92ac5ec7d14054f9ef266.exe	82
PID 552 wrote to memory of 2960	552	cmd.exe	84
PID 552 wrote to memory of 2960	552	cmd.exe	84
PID 552 wrote to memory of 2960	552	cmd.exe	84
PID 2960 wrote to memory of 4524	2960	control.exe	85
PID 2960 wrote to memory of 4524	2960	control.exe	85
PID 2960 wrote to memory of 4524	2960	control.exe	85
PID 4524 wrote to memory of 4076	4524	rundll32.exe	93
PID 4524 wrote to memory of 4076	4524	rundll32.exe	93
PID 4076 wrote to memory of 3236	4076	RunDll32.exe	94
PID 4076 wrote to memory of 3236	4076	RunDll32.exe	94
PID 4076 wrote to memory of 3236	4076	RunDll32.exe	94

C:\Users\Admin\AppData\Local\Temp\f494deeb21244e9e32935cb3369f8f6ba0447d8f33b92ac5ec7d14054f9ef266.exe
"C:\Users\Admin\AppData\Local\Temp\f494deeb21244e9e32935cb3369f8f6ba0447d8f33b92ac5ec7d14054f9ef266.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3604
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c .\B~WbP.CMD
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:552
- - C:\Windows\SysWOW64\control.exe
    CoNtroL "C:\Users\Admin\AppData\Local\Temp\7zS41E50238\PAVd.HE6"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2960
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS41E50238\PAVd.HE6"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:4524
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS41E50238\PAVd.HE6"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:4076
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS41E50238\PAVd.HE6"
        6⤵
        Loads dropped DLL
        
        PID:3236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS41E50238\B~Wbp.cmd

Filesize
27B

MD5
a16484ae9747c6fa5b3386911e3f20a1

SHA1
ac5e9f14b425a98f9d445a99c5968d634cfac947

SHA256
b4f73c1733b4ecd7c705a8c6e4ef7fb09660ec4509cde712415cc6bacfee9eda

SHA512
d83ef2aecfb204c7bdebe67dc2c48761ca2152cec590a52ed8b7b9493e158787b93f695a19edcc338f0e0daa3ac36eb330fb70879940f626d6fe9acfc9af8a8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS41E50238\PAVd.HE6

Filesize
1.9MB

MD5
5508b5fe93832e76fa06275fade4d982

SHA1
befe3873b573c373473ff9bf4ce6e3eb68f6680e

SHA256
751fdb1c4cf7a6524b288ce7cdf569c84dfc35f18d4091ad8bdd9587b3e6a769

SHA512
2444c08ee1d39b4dc9f700ba3e98b3b2a5d2a1d6bd604f7333488fa93ba2b7af13dbc1300ca423845d56476760c0e1885386cc2b50cfae152fb5e721f11ac164

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS41E50238\PAVd.hE6

Filesize
1.9MB

MD5
5508b5fe93832e76fa06275fade4d982

SHA1
befe3873b573c373473ff9bf4ce6e3eb68f6680e

SHA256
751fdb1c4cf7a6524b288ce7cdf569c84dfc35f18d4091ad8bdd9587b3e6a769

SHA512
2444c08ee1d39b4dc9f700ba3e98b3b2a5d2a1d6bd604f7333488fa93ba2b7af13dbc1300ca423845d56476760c0e1885386cc2b50cfae152fb5e721f11ac164

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS41E50238\PAVd.hE6

Filesize
1.9MB

MD5
5508b5fe93832e76fa06275fade4d982

SHA1
befe3873b573c373473ff9bf4ce6e3eb68f6680e

SHA256
751fdb1c4cf7a6524b288ce7cdf569c84dfc35f18d4091ad8bdd9587b3e6a769

SHA512
2444c08ee1d39b4dc9f700ba3e98b3b2a5d2a1d6bd604f7333488fa93ba2b7af13dbc1300ca423845d56476760c0e1885386cc2b50cfae152fb5e721f11ac164

Download Submit
memory/3236-26-0x0000000002CD0000-0x0000000002DBD000-memory.dmp

Filesize
948KB

Download
memory/3236-25-0x0000000002CD0000-0x0000000002DBD000-memory.dmp

Filesize
948KB

Download
memory/3236-22-0x0000000002CD0000-0x0000000002DBD000-memory.dmp

Filesize
948KB

Download
memory/3236-21-0x0000000002BC0000-0x0000000002CC6000-memory.dmp

Filesize
1.0MB

Download
memory/3236-19-0x0000000000AF0000-0x0000000000AF6000-memory.dmp

Filesize
24KB

Download
memory/4524-9-0x0000000010000000-0x00000000101E4000-memory.dmp

Filesize
1.9MB

Download
memory/4524-16-0x0000000003410000-0x00000000034FD000-memory.dmp

Filesize
948KB

Download
memory/4524-15-0x0000000003410000-0x00000000034FD000-memory.dmp

Filesize
948KB

Download
memory/4524-12-0x0000000003410000-0x00000000034FD000-memory.dmp

Filesize
948KB

Download
memory/4524-11-0x0000000003300000-0x0000000003406000-memory.dmp

Filesize
1.0MB

Download
memory/4524-8-0x0000000002C00000-0x0000000002C06000-memory.dmp

Filesize
24KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads